The bi-annual survey of C-Suite leaders and senior executives and VPs in companies of all sizes and industries found that 54% of organizations have experienced a cyber breach, up from 44% in 2014.

In addition to cybercrime, the report looks at experiences of asset misappropriation (55%, down from 69% in 2014); bribery and corruption (14%, up from 13% in 2014); and insider training (4%, up from 0% in 2014). Other economic crimes reported by organizations include procurement and accounting fraud, money laundering, IP infringement, espionage and tax fraud.

The impact of economic crime is powerful for many of the U.S. companies that participated in the survey. Over 25% said they experienced losses between $100,000 and $1 million; 13% reported losses between $1 million and $5 million; 8% reported losses between $5 million and $100 million; and 3% reported losses over $100 million.

Here’s a summary of more key findings from the report:

U.S. companies are poorly prepared for economic crime

• More than a third (38%) have experienced economic crime in the last two years.

• More than half (57%) say external actors are the main perpetrators, compared to internal fraud (29%).

• One in 10 companies have never carried out a fraud risk assessment.

Cyber threats on the rise

• Almost half of U.S. organizations expect to experience a cyber breach within the next two years.

• Poor preparedness: Just over half of organizations have a cyber incident response plan.

• Only 40% of boards of directors ask for information about cyber readiness more than once a year.

Middle and top management sending the wrong message

• 10% of U.S. organizations do not have a formal ethics and compliance program

• Only 50% “strongly agree” that values are clear and understood

• 53% of internal crimes are committed by middle management; 18% by upper management, up from 4%